Debian: New Git packages fix remote code execution

It was discovered that gitweb, the web interface for the Git version control system, contained several vulnerabilities. Remote attackers could use crafted requests to execute shell commands on the web server, using the snapshot generation and pickaxe search functionality. Local users with write access to the configuration of a Git repository served by gitweb could cause gitweb to execute arbitrary shell commands with the permission of the web server. Updated packages are available from security.debian.org.